Key elements of a cybersecurity program

In the first quarter of 2023, worldwide cyber-attacks increased 7% compared to the same period last year, global cyber-attacks increased 32% over the previous year, and, according to a recent Deloitte poll, in the last 12 months, “34.5% of polled executives report that their organizations' accounting and financial data were targeted by cyber adversaries."

To reduce cyber risk, including ransomware, every organization needs an effective cybersecurity program that strengthens its defenses, detection, and response capabilities to reduce risk. In working with customers, we’ve seen organizations that lack some of the programmatic approaches we recommend. Specifically, organizations may be missing one or more of the four foundational activities we see as the most critical to implement: risk management, ransomware defense and readiness, external penetration testing and incident response (IR) capabilities.

Risk management

Since risks and their impact vary from organization to organization, each has different cybersecurity priorities based on its activities, data, communications, and transactions. And because risk is an ongoing security topic, organizations need a programmatic approach that successfully mitigates risks and identifies the most critical that require ongoing management. 

While risk assessments are compliance requirements for some organizations,  every organization should undertake risk assessment and management as an essential activity in their cybersecurity efforts. An industry standard for understanding organizational risk is the NIST 800-30 guide for conducting risk assessments, followed by mitigation efforts that include ongoing management and regular updates to a formal risk register. These efforts provide an understanding of risk likelihood and impact and, therefore, inform action and prioritizations.

Ransomware defense and readiness

The number of ransomware attacks and their incurred costs continue to grow at an alarming rate. , this metric is expected to narrow to two seconds by 2031. Damage costs are also predicted to surge from $20 million to $265 billion over the same timeframe. Given this growth and the highly automated and increasingly sophisticated nature of ransomware attacks, organizations must focus on minimizing the likelihood of an occurrence and reducing the impact with effective, timely responses to attacks. This means continuously fortifying defenses and creating and maintaining response and recovery capabilities in-house – all before a ransomware incident occurs.

Strong defenses on email, web browsers, perimeters, and endpoints, as well as anti-malware, secure configurations, and hardening, can stop an attack before it happens. If you can’t prevent it, then limit the impact with quick detection and strong incident response that contains the attack, preferably to a single laptop or workstation. Next, have a team that can recover from the impacts using backups and disaster recovery – and again fortify the environment and reinforce training.

External penetration testing

In addition to establishing defenses, it’s vital to regularly asses and test them to uncover gaps that bad actors can exploit. Testing perimeter weaknesses to identify, evaluate, and remediate strengthens defenses against external threats, including ransomware. The crucial activity to test perimeter defenses is engaging external professionals to attempt to penetrate the environment. There is no substitute for regular external penetration testing for discovering vulnerabilities in an environment, especially when threats are constantly changing and becoming increasingly complex.

Incident response

Often overlooked, incident response plans and tabletop testing for IT staff are critical preparation to respond, contain, and recover successfully from incidents. Ideally, the IT staff on duty can quickly and effectively respond to an incident based on having an up-to-date incident response plan and having had the opportunity to regularly test that plan before an incident occurs. IT teams who either don’t have an IR plan or have not recently tested their plan will have slower responses and are less knowledgeable about the right actions and when to take them. This results in incidents with more significant damages: costs, downtime, and data loss.

The value of external expertise

Highly certified providers with extensive knowledge and experience in cybersecurity best practices can support enterprises by providing much-needed specialized services for assessments, increasing defenses, identifying weaknesses and vulnerabilities, and preparing for effective incident responses.

Based on our experience with customer needs and challenges, including internal staffing and knowledge gaps, we’ve created services to support organizations in developing programmatic approaches to risk and cybersecurity. The Flexential Professional Services’ Cyber Defense Program employs cybersecurity and risk management best practices and standards to identify and mitigate risk and build cybersecurity defenses that reduce the impact and likelihood of cyber events. The program combines risk identification with prioritized, actionable recommendations to quickly decrease risk to the organization by closing vulnerabilities, preparing staff for cyber events, and strengthening identification and response capabilities.

With the ever-expanding threat landscape, there is no time like the present to increase your organization’s defenses. While devising and implementing an effective cybersecurity program may be challenging, time-consuming, and costly, losses from a successful ransomware attack, data corruption, and unplanned downtime quickly exceed the price of proactive and preventive measures. Furthermore, it is business-critical for IT departments to protect the confidentiality, integrity, and availability of their organization’s operations and data.